Cyberattacks Invade 90% of Organizations: Radware
More than 90% of the respondents in Radware’s annual study reported they experienced cyberattacks in 2015. Not one industry, including financial services, was immune to cyberattacks and few were prepared, according to the Israel-based security firm.
The coming year appears to be just as ominous, according to the “2015-2016 Global Application and Network Security Report,” for which Radware's Emergency Response Team surveyed more than 300 organizations. The report identified 2015’s major attack trends, outlined industry preparedness and offered predictions.
Financial services organizations ranked medium to high on Radware's Ring of Fire chart, which mapped vertical markets based on the likelihood that organizations in various sectors would experience attacks.
Radware predicted attacks will become even more aggressive with the arrival of Advanced Persistent Denial of Service attacks, and an increase in the volume and scope of sophisticated, bot-generated attacks on web application infrastructure.
Other key findings revealed an increase in the frequency of ransoms, in which attackers focus their demands on service providers and leverage both DDoS and SSL Flood attacks when no ransom payment is received.
While more than 60% of respondents indicated being extremely or very well prepared to safeguard against unauthorized access and worm and virus damage, the same percentage of respondents indicated they were somewhat or not very prepared to handle advanced persistent threats and information theft.
The study also noted wider attack modalities that are becoming completely automated and more sophisticated by the day. New techniques such as APDoS, Burst, volumetric pipe and Dynamic IP attacks are harder to defend against manually, the report stated.
Along with the rise in APDoS and other volumetric pipe attacks come other emerging threats that demand more advanced detection and mitigation, including mimicking user behavior and serving up dynamic IP addresses, according to Radware.
One third of respondents cited a volumetric or pipe saturation weakness, and another quarter cited a vulnerability to network and HTTPS or SSL attacks. The reported overall weaknesses suggested a true protection gap for most organizations today.
“The front lines of information security will not include humans,” Carl Herberger, vice president of security solutions at Radware, said. “As defenses continue to succumb to an endless flood of sophisticated, automated attacks and an infinite number of new attack techniques, the idea of humans having the ability to deploy detection technologies and choreograph responses in real-time will disappear. We are approaching the fall of human cyberdefenses and the rise of ‘cyber-botted’ defense.”
Radware made the following recommendations:
- Bet on bots and automation. It is no longer realistic to believe humans can deploy detection technologies and choreograph threat responses in real time. Rather, it has become necessary to fight automated threats with automation technology.
- Cover the blind spot. To target an organization’s blind spot, attackers deploy parallel, multi-vector attack campaigns by increasing the number of attack vectors launched in parallel, and targeting different layers of the network and data center. If only one vector goes undetected, the attack is successful and the result is highly destructive.
- Mitigate all types of DDoS attacks. Organizations need a single-vendor, hybrid solution that can protect networks and applications against a wide range of attacks. A truly integrated solution includes all the different technologies needed, including DoS protection, behavioral analysis, IPS, encrypted attack protection and web application firewall.
- Understand the likelihood and cause of attacks. Mitigation assumptions should move in lockstep with risk level. Whether it is preparing for increased industry risk or being mindful of how hacktivists operate and select targets, understanding fuels preparation to mitigate risks and defend your network.